Loading

Privacy statement

Wehaus: Construction Webflow Template illustrative image

Status: April 10, 2024

person responsible

Andreas Kronfuss, Ak-Fehmarn GmbH & Ko KG
Hinrichsdorf 5
23769 Fehmarn, Germany

email address:

office@ak-fehmarn.de

Overview of processing

The following overview summarizes the types of data processed and the purposes of their processing and refers to the persons concerned.

Types of data processed

  • inventory data.
  • payment details.
  • contact details.
  • Content data.
  • Contract data.
  • usage data.
  • Meta, communication and procedural data.

Categories of affected persons

  • customers.
  • interested parties.
  • communication partner.
  • user.
  • Business and contract partners.

Purposes of processing

  • Provision of contractual services and fulfilment of contractual obligations.
  • Contact requests and communication.
  • safety measures.
  • direct marketing.
  • Office and organizational procedures.
  • Managing and responding to inquiries.
  • feedback.
  • Provision of our online offering and user-friendliness.
  • Information technology infrastructure.

Relevant legal bases

Relevant legal bases under the GDPR: The following is an overview of the legal bases of the GDPR, on the basis of which we process personal data. Please note that, in addition to the provisions of the GDPR, national data protection requirements may apply in your or our country of residence or place of residence. Should more specific legal bases also apply in individual cases, we will inform you of these in the privacy policy.

  • Consent (Article 6 (1) (a) GDPR)

The data subject has given consent to the processing of personal data concerning him or her for a specific purpose or several specific purposes.

  • Contract performance and pre-contractual inquiries (Art. 6 (1) (b) GDPR)

Processing is necessary for the performance of a contract to which the data subject is a party or to carry out pre-contractual measures taken at the request of the data subject.

  • Legal obligation (Art. 6 (1) (c) GDPR)

Processing is necessary to fulfill a legal obligation to which the person responsible is subject.

  • Legitimate interests (Art. 6 (1) (f) GDPR)

processing is necessary to protect the legitimate interests of the controller or of a third party, provided that the interests, fundamental rights and freedoms of the data subject, which require the protection of personal data, do not prevail.

National data protection regulations in Germany: In addition to the data protection regulations of the GDPR, national regulations on data protection apply in Germany. This includes in particular the Act on Protection against Misuse of Personal Data in Data Processing (Federal Data Protection Act — BDSG). In particular, the BDSG contains special rules on the right to information, the right to deletion, the right of objection, the processing of special categories of personal data, processing for other purposes and transmission and automated decision-making in individual cases, including profiling. In addition, state data protection laws of the individual federal states may apply.

Note on the validity of the GDPR and Swiss DSG: This data protection notice is intended both to provide information in accordance with the Swiss Federal Data Protection Act (Swiss DSG) and the General Data Protection Regulation (GDPR). For this reason, please note that the terms of the GDPR are used due to the wider geographical application and comprehensibility. In particular, instead of the terms “processing” of “personal data”, “overriding interest” and “particularly sensitive personal data” used in the Swiss DSG, the terms “processing” of “personal data” as well as “legitimate interest” and “special categories of data” are used. However, within the scope of the Swiss DSG, the legal meaning of the terms continues to be determined in accordance with the Swiss DSG.

Safety measures

In accordance with legal requirements, taking into account the state of the art, implementation costs and the nature, scope, circumstances and purposes of processing as well as the different probabilities of occurrence and the extent of the threat to the rights and freedoms of natural persons, we take appropriate technical and organizational measures to ensure a level of protection appropriate to the risk.

The measures include, in particular, ensuring the confidentiality, integrity and availability of data by controlling physical and electronic access to the data as well as the access, input, transfer, availability and separation of data relating to it. We have also set up procedures that ensure the exercise of data subject rights, the deletion of data and responses to data risks. In addition, we take the protection of personal data into account when developing or selecting hardware, software and processes in accordance with the principle of data protection, through technology design and through privacy-friendly default settings.

Transfer of personal data

As part of our processing of personal data, it may be transferred to or disclosed to other bodies, companies, legally independent organizational units or persons. Recipients of this data may include, for example, service providers tasked with IT tasks or providers of services and content that are integrated into a website. In such cases, we comply with legal requirements and, in particular, conclude appropriate contracts or agreements with the recipients of your data that serve to protect your data.

International data transfers

Data processing in third countries: If we process data in a third country (i.e. outside the European Union (EU), the European Economic Area (EEA)) or if processing takes place as part of the use of third-party services or the disclosure or transfer of data to other persons, bodies or companies, this is only done in accordance with legal requirements. If the level of data protection in the third country has been recognized by means of an adequacy decision (Art. 45 GDPR), this serves as the basis for data transfer. In addition, data transfers only take place if the level of data protection is otherwise ensured, in particular by standard contractual clauses (Art. 46 para. 2 lit. c) GDPR), express consent or, in the case of contractual or legally required transfer (Art. 49 para. 1 GDPR). In addition, we will provide you with the principles of third-country transfers with the individual providers from the third country, with the adequacy decisions taking priority as the basis. Information on transfers to third countries and existing adequacy decisions can be found in the information offered by the EU Commission: https://commission.europa.eu/law/law-topic/data-protection/international-dimension-data-protection_en?prefLang=de

EU-US Trans-Atlantic Data Privacy Framework: As part of the so-called “Data Privacy Framework” (DPF), the EU Commission has also recognized the level of data protection as secure for certain companies from the USA as part of the adequacy decision of 10.07.2023. The list of certified companies and further information about the DPF can be found on the website of the US Department of Commerce at https://www.dataprivacyframework.gov/ Remove (in English). As part of the data protection policy, we will inform you which service providers we use are certified under the Data Privacy Framework.

Rights of data subjects

Rights of data subjects under the GDPR: As a data subject, you are entitled to various rights under the GDPR, which arise in particular from Articles 15 to 21 GDPR:

  • Right to object:

For reasons arising from your particular situation, you have the right to object at any time to the processing of personal data concerning you, which is carried out on the basis of Article 6 (1) (e) or (f) GDPR; this also applies to profiling based on these provisions. If the personal data concerning you is processed for direct marketing purposes, you have the right to object at any time to the processing of personal data concerning you for the purpose of such marketing; this also applies to profiling, insofar as it is associated with such direct marketing.

  • Right of withdrawal in case of consent:

You have the right to withdraw your consent at any time.

  • Right to information:

You have the right to request confirmation as to whether the relevant data is being processed and for information about this data as well as further information and a copy of the data in accordance with legal requirements.

  • Right to rectification:

In accordance with legal requirements, you have the right to request the completion of the data concerning you or the correction of incorrect data concerning you.

  • Right to delete and restrict processing:

In accordance with legal requirements, you have the right to request that data concerning you be deleted immediately or, alternatively, to request that the processing of the data be restricted in accordance with legal requirements.

  • Right to data portability:

You have the right to receive data concerning you that you have provided to us in a structured, common and machine-readable format in accordance with legal requirements or to request that it be transmitted to another person responsible.

  • Complaint to supervisory authority:

Without prejudice to any other administrative or judicial remedy, you have the right to lodge a complaint with a supervisory authority, in particular in the Member State of your habitual residence, place of work or place of the alleged infringement, if you believe that the processing of personal data concerning you is contrary to the requirements of the GDPR.

Business services

We process data from our contractual and business partners, e.g. customers and interested parties (collectively referred to as “contractual partners”), within the framework of contractual and comparable legal relationships and related measures and with regard to communication with the contractual partners (or pre-contractual), for example to answer inquiries.

We use this information to fulfill our contractual obligations. This includes in particular the obligations to provide the agreed services, any update obligations and remedies in the event of warranty and other performance problems. In addition, we use the data to protect our rights and for the purpose of administrative tasks associated with these obligations and corporate organization. In addition, we process the data on the basis of our legitimate interests both in proper and business management and in security measures to protect our contractual partners and our business operations from misuse, risk of their data, secrets, information and rights (e.g. to involve telecommunications, transport and other assistance services as well as subcontractors, banks, tax and legal advisors, payment service providers or tax authorities). Within the framework of applicable law, we only pass on the data of contractual partners to third parties to the extent necessary for the above purposes or to fulfill legal obligations. Contractual partners will be informed about other forms of processing, such as for marketing purposes, as part of this privacy policy.

We will inform the contractual partners which data is required for the above purposes before or as part of data collection, e.g. in online forms, through special identification (e.g. colors) or symbols (e.g. asterisks, etc.), or personally.

We delete the data after expiry of legal warranty and comparable obligations, i.e. generally after four years, unless the data is stored in a customer account, e.g. as long as it must be kept for archiving legal reasons (for example, for tax purposes, usually ten years). We delete data that has been disclosed to us as part of an order by the contractual partner in accordance with the requirements and generally after the end of the order.

  • Types of data processed:

Inventory data (e.g. full name, home address, contact information, customer number, etc.); payment data (e.g. bank details, invoices, payment history); contact details (e.g. postal and e-mail addresses or telephone numbers); contract data (e.g. contract subject, duration, customer category); usage data (e.g. page views and length of stay, click paths, usage intensity and frequency, device types and operating systems used, interactions with content and functions). Meta, communication and process data (e.g. IP addresses, time information, identification numbers, persons involved).

  • Affected persons:

customers; prospects. Business and contract partners.

  • Purposes of processing:

Provision of contractual services and fulfillment of contractual obligations; security measures; contact requests and communication; office and organizational procedures. Managing and responding to inquiries.

  • Legal bases:

Contract performance and pre-contractual inquiries (Art. 6 para. 1 p. 1 lit. b) GDPR); legal obligation (Art. 6 para. 1 p. 1 lit. c) GDPR). Legitimate interests (Art. 6 (1) (f) GDPR).

Further information on processing processes, procedures and services:

  • Online shop, order forms, e-commerce and delivery:

We process our customers' data to enable them to select, purchase, or order the selected products, goods and related services, as well as their payment and delivery or execution. If necessary for the execution of an order, we use service providers, in particular postal, forwarding and shipping companies, to carry out the delivery or execution to our customers. We use the services of banks and payment service providers to process payment transactions. The required information is marked as such as part of the ordering or comparable purchase process and includes the information required for delivery, provision and billing as well as contact information in order to be able to hold any consultation; Legal bases: Contract performance and pre-contractual inquiries (Art. 6 (1) (b) GDPR).

Provision of online services and web hosting

We process user data in order to be able to provide them with our online services. For this purpose, we process the user's IP address, which is necessary to transfer the content and functions of our online services to the user's browser or device.

  • Types of data processed:

Usage data (such as page views and time spent, click paths, usage intensity and frequency, device types and operating systems used, interactions with content and features). Meta, communication and process data (e.g. IP addresses, time information, identification numbers, persons involved).

  • Affected persons:

users (e.g. website visitors, users of online services).

  • Purposes of processing:

Provision of our online offering and user-friendliness; information technology infrastructure (operation and provision of information systems and technical devices (computers, servers, etc.).). safety measures.

  • Legal bases: Legitimate interests (Art. 6 (1) (f) GDPR).

Further information on processing processes, procedures and services:

  • Collection of access data and log files:

Access to our online offering is logged in the form of so-called “server log files.” The server log files may include the address and name of the retrieved websites and files, date and time of retrieval, amount of data transferred, notification of successful retrieval, browser type and version, the user's operating system, referrer URL (the previously visited page) and, as a rule, IP addresses and the requesting provider. The server log files can be used, on the one hand, for security purposes, e.g. to avoid server overloading (especially in the case of abusive attacks, so-called DDoS attacks) and, on the other hand, to ensure server load and stability; Legal bases: Legitimate interests (Art. 6 (1) (f) GDPR). Deletion of data: Log file information is stored for a maximum of 30 days and then deleted or anonymized. Data whose further storage is necessary for evidentiary purposes is excluded from deletion until the respective incident has been finally clarified.

Use of cookies

Cookies are small text files or other memory notes that store information on end devices and read from them. For example, to save the login status in a user account, shopping cart content in an e-shop, the content accessed or functions used on an online offer. Cookies can also be used to address various concerns, such as the functionality, security and convenience of online offerings and to analyse visitor flows.

Information on consent: We use cookies in accordance with legal regulations. We therefore obtain prior consent from users, unless this is not required by law. In particular, permission is not required if the storage and reading of information, including cookies, is absolutely necessary to provide users with a telemedia service (i.e. our online offering) they have expressly requested. The revocable consent is clearly communicated to them and contains information on the respective use of cookies.

Information on legal bases of data protection law: The data protection basis on which we process users' personal data using cookies depends on whether we ask them for consent. If users accept, the legal basis for using their data is their given consent. Otherwise, the data processed using cookies will be processed on the basis of our legitimate interests (e.g. in operating our online offering and improving its usability) or, if this is done as part of fulfilling our contractual obligations, if the use of cookies is necessary to meet our contractual obligations. We will explain the purposes for which we use cookies in the course of this privacy policy or as part of our consent and processing processes.

Storage period: With regard to storage time, the following types of cookies are differentiated:

  • Temporary cookies (also: session or session cookies):

Temporary cookies are deleted at the latest after a user has left an online offer and closed their device (e.g. browser or mobile application).

  • Persistent cookies:

Permanent cookies remain stored even after the end device is closed. For example, the login status can be saved and preferred content displayed directly when the user visits a website again. User data collected using cookies can also be used to measure reach. Unless we provide users with explicit information about the type and storage period of cookies (e.g. when obtaining consent), they should assume that they are permanent and that the storage period can be up to two years.

General information on withdrawal and objection (opt-out):

Users can withdraw their consent at any time and also declare an objection to processing in accordance with legal requirements, including using the privacy settings of their browser.

  • Legal bases:

Legitimate interests (Art. 6 (1) (f) GDPR). Consent (Art. 6 (1) (a) GDPR).

Further information on processing processes, procedures and services:

  • Processing of cookie data based on consent:

We use a consent management solution that obtains users' consent to the use of cookies or to the procedures and providers mentioned as part of the consent management solution. This procedure is used to obtain, log, manage and withdraw consent, in particular with regard to the use of cookies and comparable technologies, which are used to store, read and process information on users' devices. As part of this procedure, users' consent is obtained for the use of cookies and the associated processing of information, including the specific processing and providers mentioned in the consent management process. Users also have the option to manage and withdraw their consent. The declarations of consent are stored in order to avoid a new request and to be able to provide proof of consent in accordance with legal requirements. The data is stored on the server side and/or in a cookie (so-called opt-in cookie) or using comparable technologies in order to be able to assign consent to a specific user or their device. If there is no specific information about the providers of consent management services, the following general information applies: The period of storage of consent is up to two years. This creates a pseudonymous user identifier, which is stored together with the time of consent, information on the scope of consent (e.g. relevant categories of cookies and/or service providers) and information about the browser, the system and the device used; Legal bases: Consent (Art. 6 (1) (a) GDPR).

Contact and request management

When contacting us (e.g. by post, contact form, e-mail, telephone or via social media) and within the framework of existing user and business relationships, the information provided by the inquiring persons is processed insofar as this is necessary to answer the contact requests and any requested measures.

  • Types of data processed:

Contact data (e.g. postal and email addresses or telephone numbers); content data (e.g. textual or visual messages and contributions and information relating to them, such as information about authorship or time of creation); usage data (e.g. page views and length of stay, click paths, usage intensity and frequency, device types and operating systems used, interactions with content and features). Meta, communication and process data (e.g. IP addresses, time information, identification numbers, persons involved).

  • Affected persons: communication partner.
  • Purposes of processing:

Contact requests and communication; management and response to inquiries; feedback (e.g. collecting feedback via online form). Provision of our online offering and user-friendliness.

  • Legal bases:

Legitimate interests (Art. 6 (1) (f) GDPR). Contract performance and pre-contractual inquiries (Art. 6 (1) (b) GDPR).

Further information on processing processes, procedures and services:

  • contact form:

When users contact us via our contact form, e-mail or other means of communication, we process the data provided to us in this context to process the submitted request; Legal bases: Contract performance and pre-contractual inquiries (Art. 6 para. 1 p. 1 lit. b) GDPR), legitimate interests (Art. 6 para. 1 p. 1 lit. f) GDPR).

Newsletters and electronic notifications

We only send newsletters, emails and other electronic notifications (hereinafter “newsletters”) with the consent of the recipients or legal permission. If the content of the newsletter is specifically described as part of a subscription to the newsletter, they are decisive for the consent of the users. In addition, our newsletters contain information about our services and ourselves.

In order to subscribe to our newsletter, it is generally sufficient to provide your e-mail address. However, we may ask you to provide a name for the purpose of personally addressing you in the newsletter or further information, provided that this is necessary for the purposes of the newsletter.

Double opt-in process: Registration for our newsletter generally takes place in a so-called double opt-in process. This means that after registration, you will receive an email asking you for the appropriate confirmation. This is necessary so that no one can log in with foreign email addresses. Subscriptions to the newsletter are logged in order to be able to prove the registration process in accordance with legal requirements. This includes saving both the time of registration and confirmation as well as the IP address. Changes to your data stored with the shipping service provider are also logged.

Deletion and restriction of processing: We can store the unsubscribed email addresses for up to three years on the basis of our legitimate interests before we delete them in order to be able to prove a previously given consent. The processing of this data is limited to the purpose of potentially defending against claims. An individual request for deletion is possible at any time, provided that the former existence of consent is confirmed at the same time. In the event of obligations to permanently comply with objections, we reserve the right to store the email address in a blocked list (so-called “block list”) for this purpose alone.

The registration process is logged on the basis of our legitimate interests for the purpose of proving that it has been completed correctly. Insofar as we commission a service provider to send emails, this is done on the basis of our legitimate interests in an efficient and secure delivery system.

Content:

Information about us, our services, promotions and offers.

  • Types of data processed:

Inventory data (e.g. full name, home address, contact information, customer number, etc.); contact data (e.g. postal and e-mail addresses or telephone numbers); meta, communication and procedural data (e.g. IP addresses, time information, identification numbers, persons involved). Usage data (such as page views and time spent, click paths, usage intensity and frequency, device types and operating systems used, interactions with content and features).

  • Affected persons:

communication partner.

  • Purposes of processing:

Direct marketing (e.g. via email or post).

  • Legal bases:

Consent (Art. 6 (1) (a) GDPR).

  • Objection option (opt-out):

You can unsubscribe from our newsletter at any time, i.e. withdraw your consent, or object to further receipt. You will either find a link to cancel the newsletter at the end of each newsletter or you can otherwise use one of the contact options listed above, preferably e-mail.